kombicko Posted April 28, 2014 ID:824313

Hey, I got some virus again on my PC that runs on Win 8, and it seems to mess up my registry, since a Rundll error pops up every time I turn on the system. I've conducted a scan via FRST; this is the result after the first scan, and the Addition.txt is in the attached files.

Addition.txt

MrCharlie Posted April 29, 2014 ID:824996

Welcome to the forum.

Please run a Quick Scan with Malwarebytes.

For Malwarebytes ver: 1.75
Open up Malwarebytes > Settings Tab > Scanner Settings > Under action for PUP > Select: Show in Results List and Check for removal.
Please Update and run a Quick Scan with Malwarebytes Anti-Malware, post the report.
Make sure that everything is checked, and click Remove Selected.

For Malwarebytes 2.0, please run a Threat Scan.
Click on Settings > Detection and Protection > Non-Malware Protection > PUP (Potentially Unwanted Program) detections > Make sure it's set to Treat detections as malware
Same for PUM (Potentially Unwanted Modifications)
Quarantine all that's found

General P2P/Piracy Warning:
1. If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall it or completely disable it from running while being assisted here. Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.
2. If you have illegal/cracked software, cracks, keygens, custom (Adobe) host file, etc. on the system, please remove or uninstall them now and read the policy on Piracy. Failure to remove such software will result in your topic being closed and no further assistance being provided.

Then.......

Please download and run RogueKiller 32 bit to your desktop.
RogueKiller <--- use this one for 64 bit systems
Which system am I using?

Quit all running programs.
For Windows XP, double-click to start.
For Vista or Windows 7-8, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.
Click Scan to scan the system.
When the scan completes > Close out the program > Don't Fix anything!
Don't run any other options, they're not all bad!!!!!!!
Post back the report which should be located on your desktop.

(please don't put logs in code or quotes and use the default font)

MrC

Note: Please read all of my instructions completely including these.
Make sure system restore is turned on and running. Create a new restore point.
Make sure you're subscribed to this topic: Click on the Follow This Topic Button (at the top right of this page), make sure that the Receive notification box is checked and that it is set to Instantly.
Removing malware can be unpredictable...unlikely but things can go very wrong! Backup any files that cannot be replaced. You can copy them to a CD/DVD, external drive or a pen drive.
<+> Please don't run any other scans, download, install or uninstall any programs while I'm working with you.
<+> The removal of malware isn't instantaneous, please be patient.
<+> When we are done, I'll give you instructions on how to cleanup all the tools and logs.
<+> Please stick with me until I give you the "all clear" and please don't waste my time by leaving before that.
-------> Your topic will be closed if you haven't replied within 3 days! <--------
If I don't respond within 24 hours, please send me a PM.

kombicko Posted May 2, 2014 Author ID:826035

hmmm can't post for some reason...

MrCharlie Posted May 2, 2014 ID:826036

Try: Bottom right corner of this page. See if you can post/attach on that page, MrC

kombicko Posted May 2, 2014 Author ID:826061

I tried already internal server error.... Here at least partial report.... the rest is bunch of drivers

RogueKiller V8.8.15 _x64_ [Mar 27 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Podpora : http://forum.adlice.com
Webové stránky : http://www.adlice.com/softwares/roguekiller/
 : http://www.adlice.com
Operační systém : Windows 8 (6.2.9200 ) 64 bits version
Spuštěno v : Normální režim
Uživatel : tomas_000 [Práva správce]
Mód : Kontrola -- Datum : 05/02/2014 04:36:28
| ARK || FAK || MBR |
¤¤¤ Škodlivé procesy: : 0 ¤¤¤
¤¤¤ ¤¤¤ Záznamy Registrů: : 4 ¤¤¤
[HJ POL][PUM] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> NALEZENO
[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : ConsentPromptBehaviorAdmin (0) -> NALEZENO
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> NALEZENO
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> NALEZENO
¤¤¤ naplánované úlohy : 0 ¤¤¤
¤¤¤ spuštění položky : 1 ¤¤¤
[tomas_000][sUSP PATH] jbfrxhb.lnk : C:\Users\tomas_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\jbfrxhb.lnk @C:\Windows\System32\rundll32.exe C:\PROGRA~3\bhxrfbj.gsa,MMS1 [-][-][x] -> NALEZENO
¤¤¤ Webové prohlížeče : 0 ¤¤¤
¤¤¤ Browser Addons : 0 ¤¤¤
¤¤¤ Zvláštní soubory / Složky: ¤¤¤

MrCharlie Posted May 2, 2014 ID:826065

I need to see the logs, try again later or use a different browser.

This appears to be the problem error:

¤¤¤ spuštění položky : 1 ¤¤¤
[tomas_000][sUSP PATH] jbfrxhb.lnk : C:\Users\tomas_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\jbfrxhb.lnk @C:\Windows\System32\rundll32.exe C:\PROGRA~3\bhxrfbj.gsa,MMS1 [-][-][x] ->

MrC (Be back in the morning)
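
The startup entry singled out in the post above has a recognizable shape: a Startup-folder shortcut whose command line hands rundll32.exe a module that is not a .dll and sits behind an 8.3 short-name path. As an added example (not part of the thread and not RogueKiller's own logic), this Python code parses that line format and reports those traits; `analyze`, `ENTRY`, the chosen heuristics and the benign contrast line are assumptions made for the illustration.

```python
import re
from pathlib import PureWindowsPath

# Startup entry as quoted in the thread's RogueKiller report.
SAMPLE = (r"[tomas_000][sUSP PATH] jbfrxhb.lnk : C:\Users\tomas_000\AppData\Roaming"
          r"\Microsoft\Windows\Start Menu\Programs\Startup\jbfrxhb.lnk "
          r"@C:\Windows\System32\rundll32.exe C:\PROGRA~3\bhxrfbj.gsa,MMS1 [-][-][x] -> FOUND")
# Constructed benign entry for contrast (not from the thread).
BENIGN = (r"[user][SUSP PATH] tool.lnk : C:\Users\user\AppData\Roaming\Microsoft\Windows"
          r"\Start Menu\Programs\Startup\tool.lnk @C:\Program Files\Tool\tool.exe [-][-][x] -> FOUND")

# Layout: [user][tag] name.lnk : <path to .lnk> @<command line> [flags] -> status
ENTRY = re.compile(
    r"^\[(?P<user>[^\]]+)\]\[(?P<tag>[^\]]+)\]\s+(?P<name>\S+)\s+:\s+"
    r"(?P<lnk>.+?\.lnk)\s+@(?P<cmd>.+?)\s+\[", re.IGNORECASE)

def analyze(line):
    """Parse one startup entry; return its fields and the reasons it stands out."""
    m = ENTRY.match(line.strip())
    if not m:
        return None
    cmd = re.match(r"(?P<exe>.+?\.exe)\s*(?P<args>.*)$", m["cmd"], re.IGNORECASE)
    if not cmd:
        return None
    exe, args = cmd["exe"], cmd["args"]
    module = export = ""
    reasons = []
    # rundll32 takes "<module>,<export>"; the module is what actually runs.
    if PureWindowsPath(exe).name.lower() == "rundll32.exe":
        module, _, export = args.partition(",")
        reasons.append("shortcut launches rundll32.exe rather than a program of its own")
        if PureWindowsPath(module).suffix.lower() != ".dll":
            reasons.append("rundll32 module does not have a .dll extension")
        if re.search(r"~\d", module):
            reasons.append("module path is written as an 8.3 short name")
    return {
        "user": m["user"],
        "lnk": m["lnk"],
        "startup": r"\start menu\programs\startup" in m["lnk"].lower(),
        "exe": exe, "module": module, "export": export, "reasons": reasons,
    }

if __name__ == "__main__":
    for entry in (SAMPLE, BENIGN):
        result = analyze(entry)
        print(result["lnk"], "->", result["reasons"] or "nothing flagged")
```
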

kombicko Posted May 2, 2014 Author ID:826308

RK report

kombicko Posted May 2, 2014 Author ID:826311

MrC, sorry it just doesn't work... internal server error all the time... I tried attaching file used two different browsers, basic uploader, advanced uploader, doesn't work... Is there any other place I can post the report or send it via mail or something?

MrCharlie Posted May 2, 2014 ID:826319

There probably is somewhere else you can upload your logs but I wouldn't know where.
I suggest you post about your problem posting in this part of the forum and see what they say about it:
https://forums.malwarebytes.org/index.php?showforum=41
If there's no resolutions maybe they could suggest a safe place to upload your logs, Let me know.....MrC

kombicko Posted May 2, 2014 Author ID:826332

http://www.ulozto.net/xQLRqNAi/rkreport-0-s-05022014-213051-txt
You can download it here, it's typical sharing site, you don't need to register or anything just click on download

MrCharlie Posted May 2, 2014 ID:826345

Says I can't download it. MrC

kombicko Posted May 2, 2014 Author ID:826346

Oh... it was private, now it's public try again please...

MrCharlie Posted May 2, 2014 ID:826347

Run RogueKiller again and click Scan
When the scan completes > click on the Startup tab
Put a check next to all of these and uncheck the rest: (if found)

[tomas_000][sUSP PATH] jbfrxhb.lnk : C:\Users\tomas_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\jbfrxhb.lnk @C:\Windows\System32\rundll32.exe C:\PROGRA~3\bhxrfbj.gsa,MMS1 [-][-][x] -> FOUND

Now click Delete on the right hand column under Options
-------------
Let me know....MrC

kombicko Posted May 2, 2014 Author ID:826351

It is done, what now?

MrCharlie Posted May 2, 2014 ID:826353

Do you still get the error??? MrC

kombicko Posted May 2, 2014 Author ID:826354

hold on I'll restart

kombicko Posted May 2, 2014 Author ID:826357

yup it seems it's ok

MrCharlie Posted May 2, 2014 ID:826358

OK...Take Care...MrC

Root Admin AdvancedSetup Posted May 4, 2014 ID:826960

Glad we could help. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Thanks!